# HG changeset patch # User Paul Boddie # Date 1383850556 -3600 # Node ID 73d84e37fc21ab13b577a4f4f1ea00035e819d41 # Parent 124b54c4342853ce5d1128923f1ce468f2a0b404 Added ACL translation for subpage items. diff -r 124b54c43428 -r 73d84e37fc21 MoinForms.py --- a/MoinForms.py Thu Nov 07 19:16:45 2013 +0100 +++ b/MoinForms.py Thu Nov 07 19:55:56 2013 +0100 @@ -426,6 +426,46 @@ else: return Page(self.request, self.pagename).getACL(self.request) + def getSubpageACL(self): + + """ + Return the access control list for the form for data that will be + stored in subpages. Where no form-specific policy is specified, the + page's ACL will be used as the basis of the subpage ACL. + """ + + cfg = self.request.cfg + + acl = self.getACL() + new_acl_lines = [] + + for acl_str in acl.acl_lines: + new_acl_line = [] + + for op, users, rights in security.ACLStringIterator(cfg.acl_rights_valid, acl_str): + + # Remove "read" rights unless the "admin" right is also present. + + if op != "-" and "read" in rights and not "admin" in rights: + rights.remove("read") + + # Add "read" rights if absent and "admin" is present. + + elif op != "-" and not "read" in rights and "admin" in rights: + rights.append("read") + + new_acl_line.append((op, users, rights)) + + new_acl_lines.append(" ".join([ + "%s%s:%s" % (op, ",".join(users), ",".join(rights)) for (op, users, rights) in new_acl_line + ])) + + # Add an extra read-disable rule just to make sure. + + new_acl_lines.append("-All:read") + + return security.AccessControlList(cfg, new_acl_lines) + def checkPermissions(self, action): """ @@ -505,7 +545,7 @@ # Add an ACL to restrict direct access to subpages. request = self.page.request - acl = self.handler.getACL() + acl = self.handler.getSubpageACL() item = acl.getString() + item ItemStoreBase.append(self, item)